Security Flaws in Apple Laptop Batteries May Invite Vulnerability

Charlie Miller, an independent Security Researcher is cautioning users of Apple's laptop to watch out for hackers who may hijack computer batteries, as reported in PCWorld on July 23, 2011.

While examining various Apple notebooks, such as MacBook Airs, MacBook Pros, and MacBooks for their batteries, Miller discovered that the microcontroller chips inside the laptops contained default passwords, which if hacked could let malware purveyors intervene the system.

He stated that the batteries with default passwords were not constructed for anyone to muddle with them but it the functionalities of these components were truly vicious, as reported by PCWorld.

Further, Miller examined software update (2009), which Apple had utilized for rectifying an issue affecting MacBook batteries, and found passwords in the laptops that could help change the batteries. So when he succeeded in accessing them, he also succeeded in altering the chips' capability so they would display only those readings that favored him.

Besides during his experiments, Miller succeeded in blocking 7 batteries accounting for about $130 each. However, cyber-crooks who were able to load malware, which contaminated the laptop's other parts, found it easy to control the notebook's activities, steal data, or even take over it. Normally, an IT administrator would not imagine an infection in the firmware of the battery, so incase it is not detected, the computer could be repeatedly infected.

Contrarily, the security expert also observed that the possibility of a hack was not very high in the manner described above and that end-users are recommended not to feel overtly anxious about the reported flaw.

According to Miller, a lot of actions are required for stopping such a flaw similar to the one mentioned above like solely accept updates or installs which have been scanned for malware.

However, people are advised to keep away from spam mails, as they are mostly malicious and be aware of pop-ups, which may trigger towards deploying a given update that need not necessarily be genuine. Additionally, users must avoid fake file-sharing utilities as well.

Nonetheless, Miller is considering the unveiling of the security flaw while providing a security patch during August 2011, Black Hat Security Conference.

Related article: Securities Push Up A Must For Web Companies

» SPAMfighter News - 8/2/2011